macrumors bot
Original poster

Apple this afternoon announced that developers who create Mac apps outside of the Mac App Store will need to submit them for the notarization process starting on February 3, 2020.

Apple temporarily relaxed the notarization requirements for non-Mac App Store apps in September after the launch of macOS Catalina, and at the time said developers would have until January 2020 to get used to the new rules.


The January 2020 deadline has been extended to February 2020, but at that time, developers will need to adhere to Apple's requirements.

Apple suggests that developers upload their software and review the developer log for warnings, as these warnings will become errors starting on February 3. Apple says that all errors will need to be fixed by that date for software to be notarized.

In June, we announced that all Mac software distributed outside the Mac App Store must be notarized by Apple in order to run by default on macOS Catalina. In September, we temporarily adjusted the notarization prerequisites to make this transition easier and to protect users on macOS Catalina who continue to use older versions of software. Starting February 3, 2020, all submitted software must meet the original notarization prerequisites.

If you haven't yet done so, upload your software to the notary service and review the developer log for warnings. These warnings will become errors starting February 3 and must be fixed in order to have your software notarized. Software notarized before February 3 will continue to run by default on macOS Catalina.

As a reminder, all installer packages must be signed since they may contain executable code. Disk images do not need to be signed, although signing them can help your users verify their contents.

Apple has been requiring new software distributed with a Developer ID outside of the Mac App Store to be notarized in order to run since macOS Mojave 10.14.5, with the notarization process designed to protect Mac users from malicious and harmful apps.

For the notarization process, Apple provides trusted non-Mac App Store developers with Developer IDs that are required to allow the Gatekeeper function on macOS to install non-Mac App Store apps.

Notarization is not required for apps that are distributed through the Mac App Store. More information on notarization can be found on Apple's developer site.

Article Link: Apple Requiring Notarization for Non Mac App Store Apps Starting February 2020
 
Before people start to panic, remember this only affects being able to double-click an app to open it by default. You can still go out of your way to run a non-notarized app by right-clicking and clicking open. That then whitelists the app to run in the future normally.

This is more about stopping users from accidentally executing malicious code than a strong-armed attempt to lock down the platform.

Remember that macOS is a development operating system; they can't lock it down like iOS without crippling the ability to develop software on it.
 
Apple this afternoon announced that developers who create Mac apps outside of the Mac App Store will need to submit them for the notarization process starting on February 3, 2020.

This statement is wrong and is getting everybody upset. A critical part of Apple's statement was deleted:

In June, we announced that all Mac software distributed outside the Mac App Store must be notarized by Apple in order to run by default on macOS Catalina.

Very simply put, signed apps must now be notarized. Unsigned apps are unchanged.
 
Does this mean we have to submit our proprietary source code to Apple now?
 
Isn't this slightly different with a higher bar of verification? All apps must be signed to run, notarized or not?

No. Users can still override Gatekeeper on a case-by-case basis or disable it altogether. The verification is also still contingent upon File Quarantine, which means that it will not apply to software that is downloaded via software that does not quarantine files (such as curl). Software that is not signed thus continues to work under the same limitations as before.

Does this mean we have to submit our proprietary source code to Apple now?

Apple does not even get to see the source code when an app is submitted for publication on the App Store. For notarisation, a compiled product is sent to Apple for verification. They do some static analysis on the object code to check it for known malware signatures and confirm that it was properly code-signed. It is an automated process as far as I know.
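The reply above makes the point that Gatekeeper only evaluates files carrying the File Quarantine attribute, and a later reply notes the master switch is still reachable via spctl. The following is an added example (not from any poster) that reads and parses com.apple.quarantine and asks spctl for its verdict; the attribute layout `flags;hex-timestamp;agent;uuid` and the sample value are assumptions of this example, and the macOS tools are skipped when absent.

```python
"""Inspect the File Quarantine attribute that gates a Gatekeeper check.

Added example, not code from the thread. Files fetched by tools that do not
set com.apple.quarantine (e.g. curl) are never assessed by Gatekeeper.
"""
import shutil
import subprocess
from datetime import datetime, timezone

QUARANTINE_XATTR = "com.apple.quarantine"


def parse_quarantine(value: str) -> dict:
    """Split the attribute into flags (hex), download time (hex epoch), agent, uuid."""
    fields = value.strip().split(";")
    if len(fields) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    return {
        "flags": int(fields[0], 16),
        "downloaded_at": datetime.fromtimestamp(int(fields[1], 16), tz=timezone.utc),
        "agent": fields[2],                       # app that wrote the attribute
        "uuid": fields[3] if len(fields) > 3 else None,
    }


def read_quarantine(path: str):
    """Return the raw attribute via `xattr -p`, or None if absent or not on macOS."""
    if shutil.which("xattr") is None:
        return None
    proc = subprocess.run(["xattr", "-p", QUARANTINE_XATTR, path],
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None


def gatekeeper_assessment(path: str):
    """Ask Gatekeeper (`spctl --assess`) whether it would allow the app to run."""
    if shutil.which("spctl") is None:             # not on macOS: no verdict
        return None
    proc = subprocess.run(["spctl", "--assess", "--type", "execute", "-v", path],
                          capture_output=True, text=True)
    return proc.returncode == 0, proc.stderr.strip()


def triage(path: str, raw=None) -> str:
    """Explain whether Gatekeeper will look at this file on first launch."""
    raw = raw if raw is not None else read_quarantine(path)
    if raw is None:
        return "no quarantine attribute: Gatekeeper will not assess this file"
    q = parse_quarantine(raw)
    return (f"quarantined by {q['agent']} at {q['downloaded_at']:%Y-%m-%d %H:%M}Z "
            f"(flags 0x{q['flags']:04x}): Gatekeeper will assess on first launch")


# Constructed sample value in the assumed layout (not captured from a real Mac)
SAMPLE = "0083;5e2f6b1c;Safari;0F2C6A9E-1B3D-4E5F-8A9B-0C1D2E3F4A5B"
```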
 
Isn't this slightly different with a higher bar of verification? All apps must be signed to run, notarized or not?

Nope. The only thing that was ever changed with unsigned apps was in Sierra, where you have to right-click on them to open.

Does this mean we have to submit our proprietary source code to Apple now?

Nope. You have to submit the final binary. Compare this to Windows which will send the binary to Microsoft the first time it's run anyway (automatic sample submission/cloud-delivered protection), or users which will upload it to VirusTotal.
 
Nope. The only thing that was ever changed with unsigned apps was in Sierra, where you have to right-click on them to open.

Sierra did not add or change that. This manual override was present before, perhaps even since Lion. What Sierra did change was hiding the master switch in System Preferences (though it can still be accessed via spctl).
 
You can still go out of your way to run a non-notarized app by right-clicking and clicking open. That then whitelists the app to run in the future normally.
That's exactly the behavior hackers are targeting:
The technique is to ask users politely to right click on the AdobeFlashPlayer.app as soon as the AdobeFlashPlayer.dmg file is mounted:
Dual Boot (Mojave + Catalina) systems will soon become the norm !

Every Mac User I know has either already implemented it, OR working towards it.

NOBODY I know, including me, trusts Apple to do the right thing !
WTF? Is it even possible to dual boot without some hackery?
That's exactly the behavior hackers are targeting:


You can only protect users so much.

I mean, if someone deliberately opens the gun safe using their combination, loads a round into the shotgun, aims it at their foot, and pulls the trigger, you can't blame the maker of the safe for being "insecure".
 
Before people start to panic, remember this only affects being able to double-click an app to open it by default. You can still go out of your way to run a non-notarized app by right-clicking and clicking open. That then whitelists the app to run in the future normally.
Hey MacRumors editors: this above should have been front and center in your article. Unless you’re just trying to stir the pot and get people all agitated in your forums 🤔
Dual Boot (Mojave + Catalina) systems will soon become the norm !

Every Mac User I know has either already implemented it, OR working towards it.

NOBODY I know, including me, trusts Apple to do the right thing !
Even more extreme, macOS HFS+ boot and macOS AFS boot.
No. Users can still override Gatekeeper on a case-by-case basis or disable it altogether. The verification is also still contingent upon File Quarantine, which means that it will not apply to software that is downloaded via software that does not quarantine files (such as curl). Software that is not signed thus continues to work under the same limitations as before.

Apple does not even get to see the source code when an app is submitted for publication on the App Store. For notarisation, a compiled product is sent to Apple for verification. They do some static analysis on the object code to check it for known malware signatures and confirm that it was properly code-signed. It is an automated process as far as I know.
I suppose they can reverse engineer our code since they are the ones who created Xcode.
 
Sierra did not add or change that. This manual override was present before, perhaps even since Lion. What Sierra did change was hiding the master switch in System Preferences (though it can still be accessed via spctl).

The original behavior was double-clicking unsigned apps would pop up a dialog box with an option to continue. As of Sierra, the double-click dialog box has the option to continue removed.

The way to get the option to continue is right-clicking and selecting open. The user is then presented with the same dialog box, but with the added option to continue.